Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How can I authenticate a system user for scheduled processes in Spring?

Tags:

java

authentication

spring

spring-3

spring-security

we have a Quartz/Spring Batch job, that for audit logging purposes we'd like to have it "authenticated" as a system user. Some of our methods rely on fetching the SecurityContext to do this. The ways of running this job are trusted (or authenticated). We don't want to actually use a password or other token (since the process is basically always spawned by quartz).

I tried this

private void authenticate() {
    UserDetails admin = userDetailsService.loadUserByUsername( "admin" );

    RunAsUserToken token = new RunAsUserToken(
            UUID.randomUUID().toString(), admin, admin.getAuthorities(), null , null );

    Authentication user = authenticationManager.authenticate( token );

    if ( user.isAuthenticated() ) {
        SecurityContext sc = new SecurityContextImpl();
        sc.setAuthentication( user );
        SecurityContextHolder.setContext( sc );
    }
}

but it resulted in

org.springframework.security.authentication.ProviderNotFoundException: No AuthenticationProvider found for org.springframework.security.access.intercept.RunAsUserToken

and I'm not sure what some of RunAsUserToken parameters do (e.g. key) or what I should be giving it in regards to Credentials.

How can I authenticate or otherwise set the security context as if it was authenticated as this user?

like image 504
xenoterracide Avatar asked Apr 16 '15 19:04

xenoterracide

1 Answers

I'm not sure yet about the RunAsUserToken. I think it is intended to be used when someone is already authenticated, but the application what to execute something as another user.

I found an example of using it here.

But, maybe you don't really need that. If it is the case, you could just do : 

Authentication auth = new UsernamePasswordAuthenticationToken(admin.getUsername(), admin.getPassword(), admin.getAuthorities());
SecurityContextHolder.getContext().setAuthentication(auth);

And then admin will be authenticated. Also, you don't need to use admin.getPassword() since it won't be checked anyway.

Note that you don't have to create the security context : it already exists. I think it is ThreadLocal by default.

like image 102
baraber Avatar answered Oct 03 '22 01:10

baraber
Sign in to Comment

Related questions

what's the difference between spatial and temporal characterization in terms of image processing?
C# vs Java - why virtual keyword is necessary?
Create a standalone Java websocket client endpoint? [closed]
Enable CORS in Java Play Framework 2.2.x
What are the key differences between Java 8's Optional, Scala's Option and Haskell's Maybe?
Reload UserDetails Object from Database Every Request in Spring Security
Adding property to JSON using Jackson
Why is anonymous class required in "super type token" pattern in java
What does abstract path means in java.io?
Retrieve the content of meta description from web-page using selenium webdriver
Use of emptyIterator in java [duplicate]
Null check in Java 8 Elvis operator?
What is the correct META-INF directory location for context.xml in Tomcat?
Prevent retrofit from encoding my http request body
List::contains with comparator
JPA Criteria query group by uses only the id
Could not calculate build plan: Plugin org.apache.maven.plugins:maven-resources-plugin:2.6 or one of its dependencies could not be resolved
Java Logging exceptions, use getMessage or toString : log.warn(ex.getMessage()) or log.warn(ex) working with open source
What is the best approach to find all addresses that are in a specific distance to the selected point
Robolectric shadow not working

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!